OTP stopped working since ocserv 0.11.9
Hi, I've been using ocserv for a long time already, together with Cisco AnyConnect 4.x. For some reason, OTP stopped working as of 0.11.9 (using the EPEL repository). I have now installed 0.11.10-2.el7 from epel-testing, and the symptoms are the same:
Jan 29 19:05:37 main ocserv[23012]: worker: client certificate verification succeeded
Jan 29 19:05:38 main ocserv[21382]: sec-mod: using 'certificate+plain' authentication to authenticate user (session: +lDq7R)
Jan 29 19:05:48 main ocserv[21382]: sec-mod: auth cont received for (session: +lDq7R) but we are on state 1!
Jan 29 19:05:48 main ocserv[23012]: worker[]: <IP?> worker-auth.c:1577: failed authentication for <'user'>
I'm actually using these authentication methods in /etc/ocserv.conf:
auth = "certificate"
auth = "plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/users.otp]"
In AnyConnect windows I see inputs for username, password and OTP; everything is correct.
Once I downgraded ocserv to 0.11.8, everything started working.
Versions:
ocserv -version
ocserv 0.11.8
Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26 (compiled with 3.3.24)

ocserv -version
ocserv 0.11.9
Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26

ocserv -version
ocserv 0.11.10
Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26